PT-2021-4363 · Moxa · Moxa Mxview Network Management

Noam Moshe · Published 2021-10-05 · Updated 2022-10-25 · CVE-2021-38454

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Moxa MXview Network Management software versions 3.x through 3.2.2

Description

The issue is related to insufficient access control in the Moxa MXview network control software, which can be exploited by a remote attacker to bypass security restrictions using the MQTT protocol. A path traversal vulnerability may allow an attacker to create or overwrite critical files used to execute code, such as programs or libraries.

Recommendations

For versions 3.x through 3.2.2, update to a version that addresses the path traversal vulnerability to prevent attackers from creating or overwriting critical files. As a temporary workaround, consider restricting access to the MQTT protocol to minimize the risk of exploitation. Avoid using the vulnerable version of the Moxa MXview Network Management software until a patch is available.

Fix

Improper Access Control

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2021-04993
CVE-2021-38454

Affected Products

Moxa Mxview Network Management